<?php
require_once  TEMPLATEPATH .'/incs/payments/paypal/function.php';
function create_url_paypal($item_name,$item_amount,$currency_code,$item_number,$shipping,$quantity)
{
 	$paypal_email =get_option('email_paypal');
 	$return_url = get_bloginfo('url').'/booking'; 


	$cancel_url = get_bloginfo('url').'/booking';
	$notify_url = get_bloginfo('url').'/paypal/paypal';
	// Firstly Append paypal account to querystring
    $querystring .='?cmd=_xclick&';
	$querystring .= "business=".urlencode($paypal_email)."&";	
	
	// Append amount& currency (£) to quersytring so it cannot be edited in html
	
	//The item name and amount can be brought in dynamically by querying the $_POST['item_number'] variable.
	$querystring .= "currency_code=".urlencode($currency_code)."&";
	$querystring .= "item_name=".urlencode($item_name)."&";
	$querystring .= "amount=".urlencode($item_amount)."&";
	$querystring .= "shipping=".urlencode($shipping)."&";
	$querystring .= "quantity=".urlencode($quantity)."&";		
	$querystring .= "item_number=".urlencode($item_number)."&";
	//loop for posted values and append to querystring
	foreach($_POST as $key => $value){
		$value = urlencode(stripslashes($value));
		$querystring .= "$key=$value&";
	}
	
	// Append paypal return addresses
	$querystring .= "return=".urlencode(stripslashes($return_url))."&";
	$querystring .= "cancel_return=".urlencode(stripslashes($cancel_url))."&";
	$querystring .= "notify_url=".urlencode($notify_url);
	
	// Append querystring with custom field
	//$querystring .= "&custom=".USERID;
	
	// Redirect to paypal IPN
	if(get_option('status_pp')=='Test')
	{
		$url='https://www.sandbox.paypal.com/cgi-bin/webscr'.$querystring;
		wp_redirect($url);
		//echo "<script>document.location.href='$url';</script>";
	   
	//header('location:https://www.sandbox.paypal.com/cgi-bin/webscr'.$querystring);
	}
	else 
	{
		$url='https://www.paypal.com/cgi-bin/webscr'.$querystring;
		wp_redirect($url);
		//echo "<script>document.location.href='$url';</script>";
	   
	  //header('location:https://www.paypal.com/cgi-bin/webscr'.$querystring);
	}
	exit();

}

function  get_transaction_return_form_paypal()
{
    
	if (isset($_POST["txn_id"]) && isset($_POST["txn_type"])){
	
		$req = 'cmd=_notify-validate';
	foreach ($_POST as $key => $value) {
		$value = urlencode(stripslashes($value));
		$value = preg_replace('/(.*[^%^0^D])(%0A)(.*)/i','${1}%0D%0A${3}',$value);// IPN fix
		$req .= "&$key=$value";
	}
	// assign posted variables to local variables
	$data['item_name']			= $_POST['item_name'];
	$data['item_number'] 		= $_POST['item_number'];
	$data['payment_status'] 	= $_POST['payment_status'];
	$data['payment_amount'] 	= $_POST['mc_gross'];
	$data['payment_currency']	= $_POST['mc_currency'];
	$data['txn_id']				= $_POST['txn_id'];
	$data['receiver_email'] 	= $_POST['receiver_email'];
	$data['payer_email'] 		= $_POST['payer_email'];
	$data['custom'] 			= $_POST['custom'];
	
	$dd=array(
					'txn_id'=>$_POST['txn_id'],
					'payment_amount'=>$_POST['mc_gross'],
					'payment_status'=>$_POST['payment_status'],
					'item_number'=> $_POST['item_number'],
					'createdtime'=>date("Y-m-d H:i:s")
					);
		
	// post back to PayPal system to validate
	$header = "POST /cgi-bin/webscr HTTP/1.0\r\n";
	$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
	$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
	if(get_option('status_pp')=='no')
	{
	$fp = fsockopen ('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
	}
	else 
	{
	   $fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);
	}	
if (!$fp) {
		// HTTP ERROR
	} else {	

		fputs ($fp, $header . $req);
		while (!feof($fp)) {
			$res = fgets ($fp, 1024);
			if (strcmp($res, "VERIFIED") == 0) {
			
				// Used for debugging
				//@mail("you@youremail.com", "PAYPAL DEBUGGING", "Verified Response<br />data = <pre>".print_r($post, true)."</pre>");
						
				// Validate payment (Check unique txnid & correct price)
				$valid_txnid = check_txnid($data['txn_id']);
				//$valid_price = check_price($data['payment_amount'], $data['item_number']);
				// PAYMENT VALIDATED & VERIFIED!
				if($valid_txnid){		
					$orderid = updatePayments($dd);		
					if($orderid){	

						print_r($dd);
						
						// Payment has been made & successfully inserted into the Database								
					}else{								
						// Error inserting into DB
						// E-mail admin or alert user
					}
				}else{					
					// Payment made but data has been changed
					// E-mail admin or alert user
				}						
			
			}else if (strcmp ($res, "INVALID") == 0) {
			
				// PAYMENT INVALID & INVESTIGATE MANUALY! 
				// E-mail admin or alert user
				
				// Used for debugging
				//@mail("you@youremail.com", "PAYPAL DEBUGGING", "Invalid Response<br />data = <pre>".print_r($post, true)."</pre>");
			}		
		}		
	fclose ($fp);
	}	
	}
}


